The panel discussed security and privacy in healthcare. Some key points:
- 43% of all 2011 security breaches began in healthcare according to Symantec.
- Medical records are valued at $50 each on the black market, much more than credit cards.
- Top threats to healthcare security are malware, automatic log-off not being used, and removable media.
- HIPAA compliance does not ensure security. Access must be controlled and critical data identified.
- Presenters provided overviews of trust frameworks, Direct secure messaging between providers, and the role of digital certificates in authentication. Ensuring security requires addressing both technical and human factors.
Panel Cyber Security and Privacy without Carrie Waggoner
1. Security & Privacy Panel
Moderator: Jeff Livesay
MiHIN Associate Director
2. Security – by the numbers - redux
• Same as last year: I say a number and the person who guesses what the number refers to receives a door prize….
This year's numbers are: 43 39 33 18
3. 43: The percentage of ALL 2011 security breaches in ALL industries globally that began in healthcare
Source: Symantec 2012
4. 39: The percentage of healthcare security breaches that begin in practices of size 1-10 providers
Source: HITRUST U.S. Healthcare Data Breach Trends Dec 2012
5. 33: The Black Market value ratio of Personal Health Information (PHI) to Personal Credit Information (PCI)
• $1.50 per CC# (PCI)
• $3 per SS# (PII)
• $50 per medical record (PHI)
Source: Digital Health Conference Panel, NYC 2012
6. 18 (MiHIN White Paper)
• The number of prioritized recommendations made in the Cyber-Security White Paper to:
• Michigan's Health Information Technology Commission in February 2013
• Governor Snyder's Cyber Initiative Task Force in March 2013
Half of these recommendations already have efforts underway in Michigan
7. Why are Security and Privacy so important in healthcare?
Ensuring the Security of Electronic Health Records:
http://www.youtube.com/watch?feature=player_embedded&v=BxSFS9faxI4#
8. Introducing today's panelists
• Dan Lohrmann, Michigan Chief Security Officer, Deputy Director, Michigan Dept. of Technology, Management & Budget Cybersecurity & Infrastructure Protection
• Brian Seggie, Chief Security Officer, MiHIN
• Carrie Waggoner: Privacy Specialist, Office of Legal Affairs, Michigan Dept. of Community Health
• Allan Foster, President, Kantara Initiative; Community VP, ForgeRock
• Jeremy Rowley, Associate General Counsel, Digicert
9. Use of material by permission only.
Michigan Department of Technology, Management & Budget
Healthcare Information
Protecting Your Data
Dan Lohrmann, Michigan Chief Security Officer
June 6, 2013
10. Global Cyber Threats . . .
11. DHS Open Source Report (www.dhs.gov/national-infrastructure-protection-plan)
14. Healthcare Information – Insider Threat
• Louisiana . . . 7 Arrested for creating fake IDs using patient information
• Florida . . . ER Clerk accessed records to sell for profit
• Texas . . . State employee used immunization information to apply for credit cards
Source: Health Info Security January 2013
15. 4 Critical Errors
#1 – Presuming that HIPAA Compliance is Security
#2 – Basing Security on Systems Rather than the Critical Data
#3 – Ineffective Awareness Program
#4 – Failure to Control Access to Information
Source: IT World, June 2009
16. Top 3 Threats to Healthcare Security
#1 – Malware: Computers need to be hardened with appropriate security configurations. Anti-virus and anti-spyware are not enough!
#2 – Automatic Log-off: Workers leave workstations without logging off, often in public areas. Automated log-off procedure a must!
#3 – Removable Media: USB devices enable removal of sensitive information with the click of a mouse. Know what’s on your network!
Source: Information Management Magazine Feb 2006
17. Trust Frameworks:
Our communities shape the future of Digital Identity
Allan Foster (ForgeRock), Board of Trustee President
MiHIN 2013
18. Kantara Initiative: Overview
Values
Kantara Initiative - Trust Frameworks: A Global Context
Organizations, Industry and Governments join Kantara because we value:
• Trust: Operating Accreditation, Approval and Certification programs
• Privacy: Developing privacy respecting solutions.
• Security: Developing high security solutions and practices
• Community: Bridging technology and policy requirements
Trustees:
Trustees At Large:
• Government of Canada
• Terena
19. Kantara Initiative: Overview
Federation, Compliance, and Interoperability
Members join Kantara because we build trust and harmonization by developing compliance criteria based on requirements of end-users, relying parties and identity providers.
Organizations become APPROVED because we operate compliance programs for multiple solutions that fit a variety of requirements and jurisdictions.
Kantara Builds Bridges
*Non-Profit 501c6
20. Kantara Initiative: Review
Landscape
Healthcare organizations join Kantara to leverage our community and Approval services (NIST, ICAM, etc) to advance their organizational goals.
• Healthcare provider's identity is tied to each clinical and administrative system they use.
• Single sign-on solutions exist for some large organizations. These solutions do not necessarily scale beyond the walls of the organization.
• 'Extended' environment, point-to-point integration and agreements must exist between organizations in order to provide system access to individuals.
• Traditional fee-for-service healthcare delivery had little or no need for a nationwide interoperable, federated identity ecosystem.
• Incentive models are changing with the advent of Accountable Care Organizations and Community-based healthcare delivery.
21. Kantara Initiative: Overview
What does a Trust Framework look like?
Trust
Input Requirements in to Kantara
Kantara and end-user stakeholders develop criteria for assessment
Kantara Accredited Assessors perform assessments
Relying Parties & End-Users
Criteria for IdP / CSP Assessment to verify Trust
22. Trust Framework Model
Registration
Verification
Assessment
Certification
Process
Trust Status Listing Service
Interested Parties
Trust Status Listing Service, Registry, White List
23. Kantara Trust Framework: Component Services
Credential Service Provider
Identity Proofing / Verification
Organizational Trust
Credential Issuance / Management
Responding to industry experts Kantara members create path to component service recognition.
Component Services:
• Identity Proofing / Verification
• Credential Issuance and Management
24. Kantara Trust Framework:
Accredited Assessors and Approved CSPs
Kantara Accredited to LoA 1-4
Kantara Approved to LoA 3 non-crypto
Verizon Universal Identity Service (VUIS)*
* ICAM Trust Framework Approval
IDPV Component Recognition
Norton Credential Service Provider
*ICAM Trust Framework Approval (Conditional)
25. Shaping the Future of Digital Identity
Thanks!!
• @kantaranews
• kantarainitiative.org
• kantarainitiative.org/membership/
• kantarainitiative.org/listinfo/community
• bit.ly/Kantara_Assurance
• Support@kantarainitiative.org
26. The Other Side of Security
Brian Seggie
MiHIN Chief Security Officer
27. With all of the investments in Security…
• Technical solutions have been deployed
Firewalls, Intrusion Prevention Systems, Data Loss Prevention
• Standards have been developed
FIPS 140, NIST 800, ISO 27001/2
• Compliance structures have been built
ISC, SANS, COBIT
• Regulations have been passed
HIPAA/HITECH, PCI-DSS, SOX, GLBA
why are we still insecure?
28. The Other Side of Security
• Attitude
• Confusion
• Important data not identified
• Complexity
• Understaffing
29. Attitude – Denial of the Threat
“There are only two types of companies: those that have been hacked, and those that will be.”
- FBI Director Robert Mueller, 2012
“There are only two categories of companies … those that know they’ve been compromised and those that don’t know it yet.”
- US Attorney General, 2013
and more recently…
31. Identify what is important
Where should you focus your limited resources?
32. Complexity
Too many dissimilar systems and security policies
95% of organizations use network security devices from multiple vendors
50% reported a security breach, system outage, or both, due to complex policies
Source: Algosec 2012 survey
33. Understaffed IT Departments
• Shortcuts taken to just “keep the lights on”
• Hit-and-miss management of infrastructure
“More than two-thirds of the world's CSOs report that their current information security operations are understaffed, and that it's compromising their company's security.”
Source: Frost & Sullivan for ISC(2) 2012
35. Direct, Privacy, and Interstate Communication
Presented by Jeremy Rowley
DigiCert, Inc.
36. DirectTrust Project
Report to Congress on Foreign Economic Collection and Industrial Espionage from the Office of the National Counterintelligence Executive Office: “The massive R&D costs for new [Healthcare] products in these sectors, up to $1 billion for a single drug, the possibility of earning monopoly profits from a popular new pharmaceutical, and the growing need for medical care by aging populations in China, Russia, and elsewhere are likely to drive interest in collecting valuable US healthcare, pharmaceutical, and related information.”
The HIMSS Privacy and Security Committee goal: "By 2014, all entities who use, send, or store health information meet requirements for confidentiality, integrity, availability and accountability based on sound risk management practices, using recognized standards and protocols."
NHIN Project Statement: “A project to create the set of standards and services that, with a policy framework, enable simple, directed, routed, scalable transport over the Internet to be used for secure and meaningful exchange between known participants in support of meaningful use”
37. DirectTrust Communication
Single solution that secures communication to patients, public health,
and other providers
Built on existing PKI and uses existing systems
• Identity, Digital Signatures, Encryption
• Widely used and nationwide adoption by the HISPs
Athena, Cerner, McKesson, Covisint, eClinicalWorks, MiHIN
ONC endorsed and compliant with guidance released in May 2013
Meets Direct requirements
• Simple – Push-based transport system
• Secure – Encrypted and verifiable messages
• Scalable – No need for a central network authority
• Standards-based – uses S/MIME established protocols
Uses HISPs to handle infrastructure and provide communication
• Arranges identity verification
• Manages digital certificates
• Maintains integrity of trust and security framework
• Responsible for complying with regulations
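The sign-then-encrypt S/MIME flow behind the "Secure" and "Standards-based" bullets above, as an added example that is not from the presentation or from DirectTrust. It uses the `openssl smime` command; the trust anchor, certificates, addresses, message, file names and helper function names are all constructed assumptions for the demo.

```shell
#!/bin/sh
# Added example. Every key, certificate, address and message here is constructed.
WORK=$(mktemp -d) && cd "$WORK" || exit 1
# Minimal config so the self-signed certificates are marked as CAs on any OpenSSL build
printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf

new_anchor() {    # $1 = file prefix, $2 = CN; self-signed CA standing in for a trust anchor
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}
new_endpoint() {  # $1 = file prefix, $2 = address, $3 = prefix of the issuing anchor
  openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -days 1 -out "$1.pem" 2>/dev/null
}
send_direct() {   # $1 = plaintext file, $2 = output; sign as sender, then encrypt to recipient
  openssl smime -sign -text -in "$1" -signer sender.pem -inkey sender.key |
  openssl smime -encrypt -aes256 -out "$2" recipient.pem
}
open_direct() {   # $1 = wire message, $2 = output; decrypts only, makes no trust decision
  openssl smime -decrypt -in "$1" -recip recipient.pem -inkey recipient.key -out "$2"
}
verify_direct() { # $1 = decrypted message, $2 = anchor file; exit 0 only if trusted and intact
  openssl smime -verify -text -in "$1" -CAfile "$2" -out body.txt 2>/dev/null
}

new_anchor anchor "Demo Trust Anchor" && new_anchor other "Unrelated CA" &&
new_endpoint sender "sender@direct.clinic.example" anchor &&
new_endpoint recipient "recipient@direct.hospital.example" anchor || exit 1
printf 'Patient 0001 (constructed): potassium 4.1 mmol/L\n' > msg.txt
send_direct msg.txt wire.eml && open_direct wire.eml inner.eml || exit 1
sed 's/4\.1/9.9/' inner.eml > tampered.eml   # simulate modification after signing

verify_direct inner.eml anchor.pem    && echo "trusted anchor, intact message: accepted"
verify_direct inner.eml other.pem     || echo "signer not under the recipient's anchor: rejected"
verify_direct tampered.eml anchor.pem || echo "content altered after signing: rejected"
```

Decryption alone proves nothing about the sender; the accept or reject decision comes from the verify step against the anchor the recipient has chosen to trust.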
38. DirectTrust Interstate Participants
CA
•Cross-certification with FBCA
•Accredited trust anchor
•Certificate Issuance
RA
•Identity Verification to NIST LOA3/Medium
•Accredited practices
HISP
•Gatekeeper for participation
•Certificate management and facilitation of communication between the parties
•Verified individual and organizational identity
HCO
•Transacts health care information
•Verified representative responsible for certificates and communication
Patients
•Provides health care information
•Communication with the HCO
39. Verification Requirements
NIST LOA3
• Organization verified using government documents
• In-person or remote proofing using a government ID
• Address verification
• FBCA medium assurance verification
Medium
• Organization verified using government documents
• In-person proofing using government IDs
• Declaration of Identity
• 30 days of issuance
42. DigiCert
Founding member, co-chair of Certificate Policies & Practices Working Group, DirectTrust
First CA to issue Direct-compliant FBCA certificates
Direct Med CA included in Transitional Trust Anchor Bundle
Already supporting HISPs, HIEs and HCOs
Feel free to contact me at jeremy.rowley@digicert.com
43. Questions?
Contact Us:
Jeff Livesay
Associate Director
livesay@mihin.org
Brian Seggie
Security Director and Chief Security Officer
seggie@mihin.org
For more information:
security@mihin.org
Editor's Notes
Current Landscape
Faxes – slow inconvenient and expensive
Electronic communication – not secure
Meaningful Use stages demand something better
DirectTrust.org – endorsed by the ONC on May 24, 2013
http://www.healthit.gov/buzz-blog/electronic-health-and-medical-records/directtrust-builds-transparency-confidence-direct-exchange/
Simple – Messages are containers of health information, connects through universal addressing using simple push of information
Secure – Encryption and express trust relationship, users can verify the message is complete and free from tampering
Scalable - Security agents are responsible for providing services
Standards – SMTP-based secure emails that comply with RFC5322